Abstract. In a previous paper [16], the sup-interpretation method was proposed as a new tool to control memory resources of first order functional programs with pattern matching by static analysis. Basically, a sup-interpretation provides an upper bound on the size of function outputs. In this former work, a criterion, which can be applied to terminating as well as non-terminating programs, was developed in order to bound polynomially the stack frame size. In this paper, we suggest a new criterion which captures more algorithms computing values polynomially bounded in the size of the inputs. Since this work is related to quasi-interpretations, we compare the two notions, obtaining two main features. The first one is that, given a program, we have heuristics for finding a sup-interpretation when we consider polynomials of bounded degree. The other one consists in the characterizations of the sets of functions computable in polynomial time and in polynomial space.



1 Introduction 

This paper is part of a general investigation on program complexity analysis and, particularly, on first order functional programming static analysis. It studies the notion of sup-interpretation introduced in [16], a method that provides an upper bound on the size of every stack frame if the program is non-terminating, and establishes an upper bound on the size of function outputs if the program is terminating. Basically, a sup-interpretation is a partial assignment of symbols, which ranges over positive real numbers and which gives a bound on the size of the computed values. We use this notion to develop a criterion which ensures that the size of the values computed by a program verifying this criterion is polynomially bounded in the size of the inputs and which allows us to bound polynomially the size of the stack frames whenever the program is not terminating.

The practical issue is to provide the amount of space resources that a program needs during its execution. This is crucial for many critical applications, and is of real interest in computer security. There are several approaches which try to solve the same problem. The first one is by monitoring computations. However, the monitor may crash unpredictably by memory leak if it is compiled with the program. The second one, complementary to static analysis, is a testing-based approach. Indeed, such an approach provides lower bounds on the memory needed. The last approach is type checking, which can be done by a bytecode verifier. Our approach is rather distinct and consists in an attempt to control resources by providing resource certificates in such a way that the compiled code is safe w.r.t. memory overflow. Similar works have been studied by Hofmann [10,11] and Aspinall and Compagnoni [5].

The sup-interpretation can be considered as some program annotation provided by the programmer. Sup-interpretations strongly inherit from:

— The notion of quasi-interpretation developed by Bonfante, Marion and Moyen in [7,8,15]. Quasi-interpretation, like sup-interpretation, provides a bound on function outputs by static analysis for first order functional programs and allows the programmer to find a bound on the size of every stack frame. The paper [8] is a comprehensive introduction to quasi-interpretations which, combined with recursive path orderings, allow to characterize complexity classes such as the set of polynomial time functions or the set of polynomial space functions. Like quasi-interpretations, sup-interpretations were developed with the aim to pay more attention to the algorithmic aspects of complexity than to the functional (or extensional) one, and so they are part of the study of the implicit complexity of programs. But the main interest of sup-interpretation is to capture a larger class of algorithms. In fact, programs computing logarithm or division admit a sup-interpretation but have no quasi-interpretation. Consequently, we firmly believe that sup-interpretations, like quasi-interpretations, could be applied to other languages such as a resource bytecode verifier by following the lines of [2] or a language with synchronous cooperative threads as in [3].

— The dependency pair method introduced by Arts and Giesl in [4], which was initially introduced for proving termination of term rewriting systems automatically. In order to obtain a polynomial space bound, a criterion is developed on sup-interpretations using the underlying notion of dependency pairs by Arts and Giesl.

— The size-change principle by Jones et al. [13], which is another method developed for proving program termination. Indeed, there is a very strong relation between termination and computational complexity and, in order to prove both complexity bounds and termination, we need to control the arguments occurring in the recursive calls of a program.

Section 2 introduces the first order functional language and its semantics. Section 3 introduces the syntactical notion of fraternity, which is of real interest to control the size of values added by the recursive calls. Section 4 defines the main notions of sup-interpretation and weight used to bound the size of a program's outputs. In Section 5, we introduce a criterion, called quasi-friendly criterion, which enlarges, in practice, the class of programs captured by a former criterion, called friendly criterion, of [16] (for example, it captures algorithms over trees whereas the friendly criterion fails). This criterion provides a polynomial bound on the size of the values and the stack frame size computed by a quasi-friendly program (depending on whether the program terminates or not). Finally, in a last section, we also compare the notion of sup-interpretation to the one of quasi-interpretation. First, we show that quasi-interpretation is a particular sup-interpretation. As a consequence, we obtain heuristics for the synthesis of sup-interpretations, which consists in finding a sup-interpretation for a given program, as far as we consider the set of Max-Poly functions defined to be constant functions, projections, max, +, × and closed by composition. Finally, using former results about quasi-interpretations, we give two characterizations of the sets of functions computable in polynomial time and respectively polynomial space.

2 First order functional programming 

2.1 Syntax of programs 

In this paper we consider a generic first order functional programming language. The vocabulary $\Sigma = \langle \mathit{Var}, \mathit{Cns}, \mathit{Op}, \mathit{Fct} \rangle$ is composed of four disjoint domains of symbols which represent respectively the set of variables, the set of constructor symbols, the set of basic operator symbols and the set of function symbols. The arity of a symbol is the number $n$ of its arguments. A program p of our language is composed of a sequence of definitions $\mathit{def}_1, \cdots, \mathit{def}_n$ which are basically function symbol definitions and which are characterized by the following grammar:

$$\begin{array}{lrcl}
\text{Definitions} \ni & \mathit{def} & ::= & f(x_1, \cdots, x_n) = e^{f} \\
\text{Expression} \ni & e & ::= & x \mid c(e_1, \cdots, e_n) \mid op(e_1, \cdots, e_n) \mid f(e_1, \cdots, e_n) \\
 & & \mid & \text{Case } e_1, \cdots, e_n \text{ of } \overline{p_1} \to e^1 \ldots \overline{p_\ell} \to e^\ell \\
\text{Patterns} \ni & p & ::= & x \mid c(p_1, \cdots, p_n)
\end{array}$$

where $x \in \mathit{Var}$ is a variable, $c \in \mathit{Cns}$ is a constructor symbol, $op \in \mathit{Op}$ is an operator symbol, $f \in \mathit{Fct}$ is a function symbol, and $\overline{p_i}$ is a sequence of $n$ patterns. Throughout the paper, we extend this notation $\overline{e}$, for the sake of clarity, to any sequence of expressions $e_1, \ldots, e_n$, for some $n$ clearly determined by the context.

The Case operator is a special symbol that allows pattern matching. It is 
convenient, because it avoids tedious details, to restrict case definitions in such 
a way that an expression involved in a Case expression does not contain nested 
Case (In other words, an expression does not contain a Case expression). 
This is not a severe restriction since a program involving nested Case can be 
transformed in linear time in its size into an equivalent program without the 
nested Case construction. 

In a definition, a variable of $e^{f}$ is either a variable in the parameter list $x_1, \cdots, x_n$ of the definition of $f$ or a variable which occurs in a pattern of a Case definition. In a Case expression, patterns are not overlapping. Such a restriction ensures that considered programs are confluent.

2.2 Semantics 

The computational domain of a program p is $\mathit{Values}^* = \mathit{Values} \cup \{\mathit{Err}\}$ where $\mathit{Values}$ represents the constructor algebra $\mathcal{T}(\mathit{Cns})$ and $\mathit{Err}$ is a special symbol returned by the program when an error occurs. Each operator symbol $op$ of arity $n$ is interpreted by a function $[\![op]\!]$ from $\mathit{Values}^n$ to $\mathit{Values}^*$. Operators are essentially basic partial functions like destructors or characteristic functions of predicates like =. The destructor hd illustrates the purpose of $\mathit{Err}$ when it satisfies $[\![hd]\!](nil) = \mathit{Err}$.

A substitution $\sigma$ is a finite mapping from $\mathit{Var}$ to $\mathit{Values}$. The application of a substitution $\sigma$ to an expression $e$ is noted $e\sigma$.

The language has a closure-based call-by-value semantics which is displayed in Appendix A. Given a substitution $\sigma$, the meaning of $e\sigma \downarrow w$ is that $e$ evaluates to the value $w$ of $\mathit{Values}^*$. If no rule is applicable, then an error occurs, and $e\sigma \downarrow \mathit{Err}$. A program p computes a partial function $[\![p]\!] : \mathit{Values}^n \to \mathit{Values}^*$ defined by: for all $v_i \in \mathit{Values}$, $[\![p]\!](v_1, \cdots, v_n) = w$ iff $p(v_1, \cdots, v_n) \downarrow w$.

Example 1 (Division). Consider the following definitions that encode the division:

    minus(x, y) = Case x, y of 0, z       → 0
                               S(z), 0    → S(z)
                               S(u), S(v) → minus(u, v)
    q(x, y)     = Case x, y of 0, S(z)    → 0
                               S(z), S(u) → S(q(minus(z, u), S(u)))

Using the notation $\underline{n}$ for $\underbrace{S(\ldots S}_{n \text{ times } S}(0)\ldots)$, we have:

$$[\![q]\!](\underline{n}, \underline{m}) = \lceil n/m \rceil \quad \text{for } n, m > 0$$



3 Fraternities 

In this section, we define the notion of fraternity based on dependency pairs, that Arts and Giesl [4] introduced to prove termination automatically. Fraternities will be used to tame the size of arguments of recursive calls.

A context is an expression $C[\diamond_1, \cdots, \diamond_r]$ containing one occurrence of each $\diamond_i$. We suppose that the $\diamond_i$'s are fresh variables which are not in $\Sigma$. The substitution of each $\diamond_i$ by an expression $d_i$ is noted $C[d_1, \cdots, d_r]$.

Definition 1. Assume that $f(x_1, \cdots, x_n) = e^{f}$ is a definition of a program. An expression $d$ is activated by $f(p_1, \cdots, p_n)$, where the $p_i$'s are patterns, if there is a context with one hole $C[\diamond]$ such that:

— If $e^{f}$ is a compositional expression (that is with no case definition inside it), then $e^{f} = C[d]$. In this case, $p_1 = x_1 \ldots p_n = x_n$.

— Otherwise, $e^{f} = \text{Case } e_1, \cdots, e_n \text{ of } \overline{q_1} \to e^1 \ldots \overline{q_\ell} \to e^\ell$, then there is a position $j$ such that $e^j = C[d]$. In this case, $p_1 = q_{j,1} \ldots p_n = q_{j,n}$ where $\overline{q_j} = q_{j,1} \ldots q_{j,n}$.

This definition is convenient in order to predict the computational data flow involved. Indeed, an expression is activated by $f(p_1, \cdots, p_n)$ when $f(v_1, \cdots, v_n)$ is called and each $v_i$ matches the corresponding pattern $p_i$. An expression $d$ activated by $f(p_1, \cdots, p_n)$ is maximal if there is no context $C[\diamond]$, distinct from the empty context, such that $C[d]$ is activated by $f(p_1, \cdots, p_n)$.

Definition 2 (Precedence). The notion of activated expression provides a precedence $\geq_{Fct}$ on function symbols. Indeed, set $f \geq_{Fct} g$ if there are $\overline{e}$ and $\overline{p}$ such that $g(\overline{e})$ is activated by $f(\overline{p})$. Then, take the reflexive and transitive closure of $\geq_{Fct}$, that we also note $\geq_{Fct}$. It is not difficult to establish that $\geq_{Fct}$ is a preorder. Next, say that $f \approx_{Fct} g$ if $f \geq_{Fct} g$ and inversely $g \geq_{Fct} f$. Lastly, $f >_{Fct} g$ if $f \geq_{Fct} g$ and $g \geq_{Fct} f$ does not hold. Intuitively, $f \geq_{Fct} g$ means that $f$ calls $g$ in some executions. And $f \approx_{Fct} g$ means that $f$ and $g$ call themselves recursively.

Definition 3 (Fraternity). In a program p, an expression $C[g_1(\overline{e_1}), \ldots, g_r(\overline{e_r})]$ activated by $f(p_1, \cdots, p_n)$ is a fraternity if

1. $C[g_1(\overline{e_1}), \ldots, g_r(\overline{e_r})]$ is maximal.

2. For each $i \in \{1, \ldots, r\}$, $g_i \approx_{Fct} f$.

3. For every function symbol $h$ that appears in the context $C[\diamond_1, \cdots, \diamond_r]$, we have $f >_{Fct} h$.

A fraternity may correspond to a recursive call since it involves function symbols that are equivalent for the precedence $\geq_{Fct}$.

Example 2. The program of Example 1 admits two fraternities $minus(u, v)$ and $S[q(minus(z, u), S(u))]$ which are respectively activated by $minus(S(u), S(v))$ and $q(S(z), S(u))$.

4 Sup-interpretations 

Definition 4 (Partial assignment). A partial assignment $I$ is a partial mapping from the vocabulary $\Sigma$ which assigns a partial function $I(b) : (\mathbb{R}^+)^n \mapsto \mathbb{R}^+$ to each symbol $b$ in the domain of $I$. The domain of a partial assignment $I$ is noted $dom(I)$. Because it is convenient, we shall always assume that the partial assignments that we consider are defined on constructor and operator symbols (i.e. $\mathit{Cns} \cup \mathit{Op} \subseteq dom(I)$).

An assignment $I$ is defined over an expression $e$ if each symbol of $\mathit{Cns} \cup \mathit{Op} \cup \mathit{Fct}$ in $e$ belongs to $dom(I)$. Suppose that the assignment $I$ is defined over an expression $e$ with $n$ variables. The partial assignment of $e$ w.r.t. $I$, that we note $I^*(e)$, is the canonical extension of the assignment $I$ and denotes a function from $(\mathbb{R}^+)^n$ to $\mathbb{R}^+$ defined as follows:

1. If $x_i$ is in $\mathit{Var}$, let $I^*(x_i) = X_i$ with $X_1, \ldots, X_n$ a sequence of new variables ranging over $\mathbb{R}^+$.

2. If $\overline{e}$ is a sequence of $n$ expressions, then $I^*(\overline{e}) = \max(I^*(e_1), \ldots, I^*(e_n))$.

3. If $e$ is a Case expression of the shape $\text{Case } \overline{e} \text{ of } \overline{p_1} \to e^1 \ldots \overline{p_\ell} \to e^\ell$, then $I^*(e) = \max(I^*(\overline{e}), I^*(e^1), \ldots, I^*(e^\ell))$.

4. If $b$ is a 0-ary symbol or $b = \mathit{Err}$, then $I^*(b) = I(b)$.

5. If $b$ is a symbol of arity $n > 0$ and $e_1, \cdots, e_n$ are expressions, then we have $I^*(b(e_1, \cdots, e_n)) = I(b)(I^*(e_1), \ldots, I^*(e_n))$.

Definition 5 (Additive assignments). A partial assignment $I$ is polynomial if for each symbol $b$ of arity $n$ of $dom(I)$, $I(b)$ is bounded by a polynomial in $\mathbb{R}^+[X_1, \ldots, X_n]$. An assignment of a constructor symbol $c$ is additive if

$$I(c)(X_1, \cdots, X_n) = \sum_{i=1}^{n} X_i + \alpha_c \qquad \alpha_c \geq 1$$

If the polynomial assignment of each constructor symbol is additive then the assignment is additive. Throughout the following paper we only consider additive assignments.

Definition 6. The size of an expression $e$ is noted $|e|$ and defined by $|e| = 0$ if $e$ is a 0-ary symbol or if $e = \mathit{Err}$ and $|b(e_1, \ldots, e_n)| = 1 + \sum_{i=1}^{n} |e_i|$ if $e = b(e_1, \ldots, e_n)$ with $n > 0$.

Lemma 1. Given an assignment $I$, there is a constant $\alpha$ such that for each value $v$ of $\mathit{Values}^*$, the following inequality is satisfied:

$$|v| \leq I^*(v) \leq \alpha |v|$$

Definition 7 (Sup-interpretation). A sup-interpretation is a partial assignment $\theta$ which verifies the three conditions below:

1. The assignment $\theta$ is weakly monotonic. That is, for each symbol $b \in dom(\theta)$, the function $\theta(b)$ satisfies

$$\forall i = 1, \ldots, n \quad X_i \geq Y_i \Rightarrow \theta(b)(X_1, \cdots, X_n) \geq \theta(b)(Y_1, \cdots, Y_n)$$

2. For each $v \in \mathit{Values}^*$,

$$\theta^*(v) \geq |v|$$

3. For each symbol $b \in dom(\theta)$ of arity $n$ and for each value $v_1, \ldots, v_n$ of $\mathit{Values}$, if $[\![b]\!](v_1, \ldots, v_n) \in \mathit{Values}^*$, then

$$\theta^*(b(v_1, \ldots, v_n)) \geq \theta^*([\![b]\!](v_1, \ldots, v_n))$$

We say that an expression $e$ admits a sup-interpretation $\theta$ if $\theta$ is defined over $e$. The sup-interpretation of $e$ wrt $\theta$ is $\theta^*(e)$.

Intuitively, the sup-interpretation is a special program interpretation. Instead of yielding the program denotation, a sup-interpretation provides an upper bound on the output size of the function denoted by the program. It is worth noticing that sup-interpretation is a complexity measure in the sense of Blum [6].

Given an expression $e$, we define $\|e\|$ thus:

$$\|e\| = \begin{cases} |[\![e]\!]| & \text{if } [\![e]\!] \in \mathit{Values}^* \\ 0 & \text{otherwise} \end{cases}$$

Lemma 2. Let $e$ be an expression with no variable and which admits a sup-interpretation $\theta$. If $[\![e]\!] \in \mathit{Values}^*$ then we have:

$$\|e\| \leq \theta^*([\![e]\!]) \leq \theta^*(e)$$

Proof. The proof is in [16]. □

Example 3. Consider the program for exponential:

    exp(x)    = Case x of 0    → S(0)
                          S(y) → double(exp(y))
    double(x) = Case x of 0    → 0
                          S(y) → S(S(double(y)))

By taking $\theta(S)(X) = X + 1$, $\theta(double)(X) = 2X$, we define a sup-interpretation of the function symbol double.

Now we are going to define the notion of weight which allows us to control 
the size of the arguments in recursive calls. A weight is an assignment having the 
subterm property but no longer giving a bound on the size of a value computed 
by a function. 

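Definition 8 (Weight). A weight $\omega$ is a partial assignment which ranges over $\mathit{Fct}$. To a given function symbol $f$ of arity $n$ it assigns a total function $\omega_f$ from $(\mathbb{R}^+)^n$ to $\mathbb{R}^+$ which satisfies:

1. $\omega_f$ is weakly monotonic.

$$\forall i = 1, \ldots, n, \quad X_i \geq Y_i \Rightarrow \omega_f(\ldots, X_i, \ldots) \geq \omega_f(\ldots, Y_i, \ldots)$$

2. $\omega_f$ has the subterm property

$$\forall i = 1, \ldots, n, \quad \forall X_i \in \mathbb{R}^+ \quad \omega_f(\ldots, X_i, \ldots) \geq X_i$$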

Definition 9 (Call-tree). A state is a tuple $\langle f, u_1, \cdots, u_n \rangle$ where $f$ is a function symbol of arity $n$ and $u_1, \ldots, u_n$ are values. Assume that $\eta_1 = \langle f, u_1, \cdots, u_n \rangle$ and $\eta_2 = \langle g, v_1, \cdots, v_k \rangle$ are two states. Assume also that $C[g(e_1, \cdots, e_k)]$ is activated by $f(p_1, \cdots, p_n)$. A transition is noted $\eta_1 \leadsto \eta_2$ and defined by:

1. There is a substitution $\sigma$ such that $p_i\sigma = u_i$ for $i = 1, \ldots, n$

2. and $[\![e_j\sigma]\!] = v_j$ for $j = 1, \ldots, k$.

We call such a graph a call-tree of $f$ over values $u_1, \ldots, u_n$ if $\langle f, u_1, \cdots, u_n \rangle$ is its root. A state may be seen as a stack frame. A call-tree of root $\langle f, u_1, \cdots, u_n \rangle$ represents all the stack frames which will be pushed on the stack when we compute $f(u_1, \ldots, u_n)$.
5 Criterion to control space resources

Definition 10 (Quasi-friendly). A program p is quasi-friendly iff there are a sup-interpretation $\theta$ and a weight $\omega$ such that for each fraternity of the shape $C[g_1(\overline{e_1}), \ldots, g_r(\overline{e_r})]$, activated by $f(p_1, \cdots, p_n)$, we have:

1. $\omega_f(\theta^*(p_1), \ldots, \theta^*(p_n)) \geq \max_{i=1..r}(\omega_{g_i}(\theta^*(\overline{e_i})))$

2. $\omega_f(\theta^*(p_1), \ldots, \theta^*(p_n)) \geq \theta^*(C)[\omega_{g_1}(\theta^*(\overline{e_1})), \ldots, \omega_{g_r}(\theta^*(\overline{e_r}))]$

Notice that nested fraternities (i.e. a fraternity $d$ containing another fraternity inside it) are not of real interest for this criterion. In fact, consider for example the following nested fraternity $f(x) = f(f(x))$. In the quasi-friendly criterion, one needs to guess a weight and a sup-interpretation for the function symbol $f$, so that the criterion becomes useless. However this is not a severe drawback since such programs are not that natural in a programming perspective and either they have to be really restricted or they rapidly generate complex functions like the Ackermann one.

Since $\theta^*$ has no subterm property, conditions 1 and 2 are independent and useful in order to control the size of the values added by recursive calls. An example showing this independence is given in Appendix B.

Theorem 1. Assume that p is a quasi-friendly program, then for each function symbol $f$ of p there is a polynomial $P$ such that for every value $v_1, \ldots, v_n$

$$\|f(v_1, \ldots, v_n)\| \leq P(\max(|v_1|, \ldots, |v_n|))$$

Proof. The proof can be found in Appendix C. □
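Example 4. The program of Example 1 is quasi-friendly. Taking:

$$\theta(0) = 0 \qquad \theta(S)(X) = X + 1 \qquad \theta(minus)(X, Y) = X$$

$$\omega_{minus}(X, Y) = \max(X, Y) \qquad \omega_q(X, Y) = X + Y$$

We check the conditions for the fraternity defined by q:

$$\begin{aligned}
\omega_q(\theta^*(S(z)), \theta^*(S(u))) &= U + Z + 2 \\
&\geq Z + U + 1 \\
&= \omega_q(\theta^*(minus(z, u)), \theta^*(S(u))) && \text{(Condition 1)} \\
\omega_q(\theta^*(S(z)), \theta^*(S(u))) &= U + Z + 2 \\
&\geq Z + U + 2 \\
&= \theta^*(S)(\omega_q(\theta^*(minus(z, u)), \theta^*(S(u)))) && \text{(Condition 2)}
\end{aligned}$$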

Example 5. The program of Example 3 is not quasi-friendly. Indeed, since the sup-interpretation of double is greater than $2X$, one has to find a polynomial weight $\omega_{exp}$ such that:

$$\omega_{exp}(X + 1) \geq \theta(double)(\omega_{exp}(X)) \geq 2\,\omega_{exp}(X)$$

which is impossible.
Theorem 2. Assume that p is a quasi-friendly program. For each function symbol $f$ of p there is a polynomial $R$ such that for every node $\langle g, u_1, \cdots, u_m \rangle$ of the call-tree of root $\langle f, v_1, \cdots, v_n \rangle$,

$$\max_{j=1..m}(|u_j|) \leq R(\max(|v_1|, \ldots, |v_n|))$$

even if $f(v_1, \ldots, v_n)$ is not terminating.

Proof. The proof relies on Theorem 1 and is essentially the same as the one
in □
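
The bounds of Theorems 1 and 2 can be observed on the division program of Example 1. The following Python sketch is an added example, not code from the paper: it evaluates the program call-by-value, records the call-tree transitions of Definition 9, and checks the weights of Example 4 along them. The names `evaluate`, `run` and `check`, and the choice $R(X) = X$ for this particular program, are assumptions made for the illustration.

```python
ZERO = ("0",)

def S(t):
    return ("S", t)

def num(n):
    """Numeral S^n(0)."""
    return ZERO if n == 0 else S(num(n - 1))

def size(v):
    """Definition 6: a 0-ary symbol has size 0, b(e1..en) has size 1 + sum."""
    return 0 if len(v) == 1 else 1 + sum(size(a) for a in v[1:])

# Example 1. Variables are strings, applications are tuples (symbol, args...).
# Each function symbol maps to its Case branches: (patterns, body).
PROGRAM = {
    "minus": [((ZERO, "z"), ZERO),
              ((S("z"), ZERO), S("z")),
              ((S("u"), S("v")), ("minus", "u", "v"))],
    "q": [((ZERO, S("z")), ZERO),
          ((S("z"), S("u")), S(("q", ("minus", "z", "u"), S("u"))))],
}

class Err(Exception):
    """Raised when no rule applies (the expression evaluates to Err)."""

def match(pat, val, sigma):
    """Match a pattern against a ground value, extending substitution sigma."""
    if isinstance(pat, str):
        sigma[pat] = val
        return True
    return (pat[0] == val[0] and len(pat) == len(val)
            and all(match(p, v, sigma) for p, v in zip(pat[1:], val[1:])))

def evaluate(term, sigma, parent, transitions):
    """Call-by-value evaluation; every call made while evaluating the body
    activated by `parent` is recorded as a transition parent ~> state."""
    if isinstance(term, str):
        return sigma[term]
    args = [evaluate(a, sigma, parent, transitions) for a in term[1:]]
    state = (term[0], *args)            # stack frame <f, u1, ..., un>
    if term[0] not in PROGRAM:          # constructor: the term is its own value
        return state
    if parent is not None:
        transitions.append((parent, state))
    for patterns, body in PROGRAM[term[0]]:
        env = {}
        if all(match(p, a, env) for p, a in zip(patterns, args)):
            return evaluate(body, env, state, transitions)
    raise Err(state)

def run(f, *inputs):
    transitions = []
    value = evaluate((f, *inputs), {}, None, transitions)
    return value, transitions

# Weights of Example 4. On numerals theta*(v) = |v|, because theta(0) = 0
# and theta(S)(X) = X + 1, so sizes stand in for sup-interpretations here.
OMEGA = {"q": lambda x, y: x + y, "minus": max}

def weight(state):
    return OMEGA[state[0]](*(size(v) for v in state[1:]))

def check(n, m):
    value, transitions = run("q", num(n), num(m))
    frames = [child for _, child in transitions]
    return {
        "quotient": size(value),
        # Lemma 3: the weight does not increase along recursive transitions
        # (in Example 1 each symbol is only equivalent to itself).
        "weights_decrease": all(weight(a) >= weight(b)
                                for a, b in transitions if a[0] == b[0]),
        # Theorem 2, with R(X) = X assumed for this program.
        "max_frame_arg": max((size(v) for s in frames for v in s[1:]),
                             default=0),
    }
```

Calling `run("q", num(3), num(0))` raises `Err`, since no Case branch of q matches a zero divisor.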

In the paper [16], a first criterion, called friendly criterion, was developed in
order to bound the stack frame size during the execution of a program. However,
as mentioned in the conclusion of [16], this criterion was suffering from
a lack because of a too restrictive condition on the contexts. Indeed, the
sup-interpretations of the contexts were forced to be max functions forbidding, for
example, recursion over tree data structure as in the example of Appendix ^ 
Thus, from practical experience, the quasi-friendly criterion captures more algo- 
rithms than the friendly criterion. 



6 Comparison with quasi-interpretations 

Definition 11. A quasi-interpretation is a total (i.e. defined for every symbol of the program) additive assignment $\llparenthesis - \rrparenthesis$, monotonic and having the subterm property (i.e. for every symbol $f$ of arity $n$, $\forall i \in \{1, \ldots, n\}$, $\llparenthesis f \rrparenthesis(\ldots, X_i, \ldots) \geq X_i$), such that for every maximal expression $e$ activated by $f(p_1, \cdots, p_n)$ we have:

$$\llparenthesis f(p_1, \cdots, p_n) \rrparenthesis \geq \llparenthesis e \rrparenthesis$$

where the assignment $\llparenthesis - \rrparenthesis$ is extended canonically to terms by

$$\llparenthesis g(e_1, \cdots, e_n) \rrparenthesis = \llparenthesis g \rrparenthesis(\llparenthesis e_1 \rrparenthesis, \ldots, \llparenthesis e_n \rrparenthesis)$$

As demonstrated in [7,8,15], quasi-interpretations have the following property:

Proposition 1. Given a program p which admits a quasi-interpretation $\llparenthesis - \rrparenthesis$, for each function symbol $f$ of p and any $v, v_1, \cdots, v_n \in \mathit{Values}$,

Theorem 3. Every quasi-interpretation is a sup-interpretation.

Proof. By the previous proposition, conditions 2 and 3 of Definition 7 hold. By Definition 11, a quasi-interpretation is monotonic, so that condition 1 of Definition 7 holds. □
A very interesting consequence of this Theorem concerns the sup-interpretation synthesis problem. The synthesis problem consists in finding a sup-interpretation for a given program. It was introduced by Amadio in [1] for quasi-interpretations. This problem is very relevant in a perspective of automating the complexity analysis of programs. However, the synthesis of quasi-interpretations is a very tricky problem which is undecidable in general. Nevertheless, Amadio showed [1] that some rich classes of quasi-interpretations are in NP and in , it was demonstrated that the quasi-interpretation synthesis with bounded polynomials over reals is decidable. Consequently, we get some heuristics for the synthesis of sup-interpretations in Max-Poly, the set of functions defined to be constant functions, projections, max, +, × and closed by composition: given a program p, we try to find a quasi-interpretation for this program, and, by the previous Theorem, we know that it is a sup-interpretation.

Theorem 4. Every program that admits a quasi-interpretation is quasi-friendly.

Proof. By the previous theorem every quasi-interpretation defines a sup-interpretation. Moreover every quasi-interpretation is a weight.

Proposition 2. There exist quasi-friendly programs that do not have any quasi-interpretation.

Proof. The program of Example 1 is quasi-friendly but does not admit any quasi-interpretation. In fact, suppose that it admits an additive quasi-interpretation $\llparenthesis - \rrparenthesis$. For the last definition, we have:

(|q(S(w), S(u))D (|qD([/ + k,V + k) For some constant k 

> ^S(q(minus(«, u), S(m)))^ By Dfn of (\-\) 

> k + l\q]){ma.x{U,V),U + k) 

> l\q\)iU + k,V + k) forF>C/+l 

Consequently, we obtain a contradiction and q does not admit any quasi-interpretation. □

In [7,8,15], some characterizations of the functions computable in polynomial
time and polynomial space were given. Theorems ^ and |31 allow to adapt these 
results to the sup-interpretations. 

Given a precedence (quasi-order) $\geq_{Fct \cup Cns}$ on $\mathit{Cns} \cup \mathit{Fct}$. Define the equivalence relation $\approx_{Fct \cup Cns}$ as $f \approx_{Fct \cup Cns} g$ iff $f \geq_{Fct \cup Cns} g$ and $g \geq_{Fct \cup Cns} f$. We associate to each function symbol $f$ a status $st(f)$ in $\{p, l\}$ and satisfying: if $f \approx_{Fct \cup Cns} g$ then $st(f) = st(g)$. The status indicates how to compare recursive calls.

Definition 12. The product extension $\prec^p$ and the lexicographic extension $\prec^l$ of $\prec$ over sequences are defined by:

— $(m_1, \cdots, m_k) \prec^p (n_1, \cdots, n_k)$ if and only if (i) $\forall i \leq k$, $m_i \preceq n_i$ and (ii) $\exists j \leq k$ such that $m_j \prec n_j$.

— $(m_1, \cdots, m_k) \prec^l (n_1, \cdots, n_l)$ if and only if $\exists j$ such that $\forall i < j$, $m_i \preceq n_i$ and $m_j \prec n_j$.

Definition 13. Given a precedence $\geq_{Fct \cup Cns}$ and a status $st$, we define the recursive path ordering $\prec_{rpo}$ as follows:

$$\frac{u \preceq_{rpo} t_i}{u \prec_{rpo} f(\ldots, t_i, \ldots)} \qquad \frac{\forall i \;\; u_i \prec_{rpo} f(t_1, \cdots, t_n) \quad g \prec_{Fct \cup Cns} f}{g(u_1, \cdots, u_m) \prec_{rpo} f(t_1, \cdots, t_n)}$$

$$\frac{(u_1, \cdots, u_n) \prec_{rpo}^{st(f)} (t_1, \cdots, t_n) \quad f \approx_{Fct \cup Cns} g \quad \forall i \;\; u_i \prec_{rpo} f(t_1, \cdots, t_n)}{g(u_1, \cdots, u_n) \prec_{rpo} f(t_1, \cdots, t_n)}$$

The Case ... of ... expressions (and the symbol = in a definition without Case) induce a rewrite relation noted $\to$. A program is ordered by $\prec_{rpo}$ if there are a precedence $\preceq_{Fct}$ and a status $st$ such that for each rule $l \to r$ of the rewrite relation, the inequality $r \prec_{rpo} l$ holds.

Theorem 5.

— The set of functions computed by quasi-friendly programs admitting an additive sup-interpretation and ordered by $\prec_{rpo}$ where each function symbol has a product status is exactly the set of functions computable in polynomial time.

— The set of functions computed by quasi-friendly programs admitting an additive sup-interpretation and ordered by $\prec_{rpo}$ is exactly the set of functions computable in polynomial space.

Proof. We give here the main ingredients of the proof. The main idea of the proof is fully written in Due to the $\prec_{rpo}$ ordering with product status, any recursive subcall of some $f(v_1, \cdots, v_n)$, with $f$ a function symbol and $v_i$ constructor terms, will be done on subterms of the $v_i$. A consequence of Theorem ^ is that any other subcalls will be done on arguments of polynomial size. So one may use a memoization technique à la Jones [12], which leads us to define a call-by-value interpreter with cache in Appendix ^ □

References 

1. R. Amadio. Max-plus quasi-interpretations. In Martin Hofmann, editor, Typed Lambda Calculi and Applications, 6th International Conference, TLCA 2003, Valencia, Spain, June 10-12, 2003, Proceedings, volume 2701 of Lecture Notes in Computer Science, pages 31-45. Springer, 2003.

2. R. Amadio, S. Coupet-Grimal, S. Dal-Zilio, and L. Jakubiec. A functional scenario for bytecode verification of resource bounds. In Jerzy Marcinkowski and Andrzej Tarlecki, editors, Computer Science Logic, 18th International Workshop, CSL 13th Annual Conference of the EACSL, Karpacz, Poland, volume 3210 of Lecture Notes in Computer Science, pages 265-279. Springer, 2004.

3. R. Amadio and S. Dal Zilio. Resource control for synchronous cooperative threads. Research Report LIF.






4. T. Arts and J. Giesl. Termination of term rewriting using dependency pairs. Theoretical Computer Science, 236:133-178, 2000.

5. D. Aspinall and A. Compagnoni. Heap bounded assembly language. Journal of Automated Reasoning (Special Issue on Proof-Carrying Code), 31:261-302, 2003.

6. M. Blum. A machine-independent theory of the complexity of recursive functions. Journal of the Association for Computing Machinery, 14:322-336, 1967.

7. G. Bonfante, J.-Y. Marion, and J.-Y. Moyen. On lexicographic termination ordering with space bound certifications. In PSI 2001, Akademgorodok, Novosibirsk, Russia, Ershov Memorial Conference, volume 2244 of Lecture Notes in Computer Science. Springer, Jul 2001.

8. G. Bonfante, J.-Y. Marion, and J.-Y. Moyen. Quasi-interpretation a way to control resources. Submitted to Theoretical Computer Science, 2005. http://www.loria.fr/~marionjy

9. G. Bonfante, J.-Y. Marion, J.-Y. Moyen, and R. Pechoux. Synthesis of quasi-interpretations. Workshop on Logic and Complexity in Computer Science, LCC2005, Chicago, 2005. http://www.loria/~pechoux

10. M. Hofmann. Linear types and non-size-increasing polynomial time computation. In Proceedings of the Fourteenth IEEE Symposium on Logic in Computer Science (LICS '99), pages 464-473, 1999.

11. M. Hofmann. A type system for bounded space and functional in-place update. In European Symposium on Programming, ESOP'00, volume 1782 of Lecture Notes in Computer Science, pages 165-179, 2000.

12. N. D. Jones. Computability and complexity, from a programming perspective. MIT press, 1997.

13. Chin Soon Lee, Neil D. Jones, and Amir M. Ben-Amram. The size-change principle for program termination. In Symposium on Principles of Programming Languages, volume 28, pages 81-92. ACM press, January 2001.

14. J.-Y. Marion. Analysing the implicit complexity of programs. Information and Computation, 183:2-18, 2003.

15. J.-Y. Marion and J.-Y. Moyen. Efficient first order functional program interpreter with time bound certifications. In Michel Parigot and Andrei Voronkov, editors, Logic for Programming and Automated Reasoning, 7th International Conference, LPAR 2000, Reunion Island, France, volume 1955 of Lecture Notes in Computer Science, pages 25-42. Springer, Nov 2000.

16. J.-Y. Marion and R. Pechoux. Resource analysis by sup-interpretation. In M. Hagiya and P. Wadler, editors, Functional and Logic Programming: 8th International Symposium, FLOPS 2006, volume 3945 of Lecture Notes in Computer Science, pages 163-176, 2006.






A Call-by-value semantics 



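$$\frac{t_1 \downarrow w_1 \;\ldots\; t_n \downarrow w_n}{c(t_1, \cdots, t_n) \downarrow c(w_1, \cdots, w_n)} \quad c \in \mathit{Cns} \text{ and } \forall i,\ w_i \neq \mathit{Err}$$

$$\frac{t_1 \downarrow w_1 \;\ldots\; t_n \downarrow w_n}{op(t_1, \cdots, t_n) \downarrow [\![op]\!](w_1, \cdots, w_n)} \quad op \in \mathit{Op} \text{ and } \forall i,\ w_i \neq \mathit{Err}$$

$$\frac{e \downarrow u \quad \exists \sigma, i : p_i\sigma = u \quad e_i\sigma \downarrow w}{\text{Case } e \text{ of } p_1 \to e_1 \ldots p_\ell \to e_\ell \downarrow w} \quad \text{Case and } u \neq \mathit{Err}$$

$$\frac{e_1 \downarrow w_1 \;\ldots\; e_n \downarrow w_n \quad f(x_1, \cdots, x_n) = e^{f} \quad e^{f}\sigma \downarrow w}{f(e_1, \cdots, e_n) \downarrow w} \quad \text{where } \sigma(x_i) = w_i \neq \mathit{Err} \text{ and } w \neq \mathit{Err}$$

Fig. 1. Call by value semantics of ground expressions wrt a program p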



B Example 



The following non-terminating program illustrates that conditions 1 and 2 of the quasi-friendly criterion are independent.

    half(t) = Case t of S(S(x)) → S(half(x))
                        S(0)    → 0
    f(x)    = half(f(double(x)))

where double is the function of Example 3. The arguments of f computed by the recursive calls are unbounded. However, by taking $\theta(half)(X) = X/2$, $\theta(double)(X) = 2X$ and $\omega_f(X) = X$, we can check that Condition 2 of the quasi-friendly criterion is satisfied, even if Condition 1 is not.
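
Conditions 1 and 2 of Definition 10 can be checked mechanically, both for the assignments of Example 4 and for the program above. The following Python sketch is an added example, not code from the paper: it represents interpretations as maxima of affine forms and compares them coefficient-wise, which is a sufficient test in general and exact when both sides are single affine terms. All function names, and the encoding of a context hole as `("hole", i)`, are assumptions made for the illustration.

```python
from fractions import Fraction
from itertools import product

# A max-plus form is a frozenset of affine terms (constant, ((var, coeff), ...))
# and denotes the maximum of its terms over non-negative reals.
def const(c):
    return frozenset({(Fraction(c), ())})

def var(name):
    return frozenset({(Fraction(0), ((name, Fraction(1)),))})

def _add_terms(s, t):
    coeffs = dict(s[1])
    for v, k in t[1]:
        coeffs[v] = coeffs.get(v, Fraction(0)) + k
    return (s[0] + t[0], tuple(sorted(coeffs.items())))

def add(a, b):                     # max(a_i) + max(b_j) = max(a_i + b_j)
    return frozenset(_add_terms(s, t) for s, t in product(a, b))

def vmax(a, b):
    return a | b

def scale(k, a):                   # k >= 0, so scaling commutes with max
    k = Fraction(k)
    return frozenset((k * c, tuple((v, k * w) for v, w in cs)) for c, cs in a)

def dominates(a, b):
    """Sufficient test for a >= b on all non-negative reals: every affine
    term of b is bounded coefficient-wise by some affine term of a."""
    def term_ge(s, t):
        cs = dict(s[1])
        return s[0] >= t[0] and all(cs.get(v, 0) >= k for v, k in t[1])
    return all(any(term_ge(s, t) for s in a) for t in b)

def interp(term, theta, holes=()):
    """theta*(term): canonical extension of an assignment (Definition 4)."""
    if isinstance(term, str):      # variable x is interpreted as X
        return var(term.upper())
    if term[0] == "hole":          # context hole, filled with a weight
        return holes[term[1]]
    return theta[term[0]](*(interp(t, theta, holes) for t in term[1:]))

def check_fraternity(f, patterns, context, calls, theta, omega):
    """Return (Condition 1, Condition 2) of Definition 10 for the fraternity
    C[g1(e1), ..., gr(er)] activated by f(p1, ..., pn)."""
    lhs = omega[f](*(interp(p, theta) for p in patterns))
    weights = [omega[g](*(interp(e, theta) for e in args)) for g, args in calls]
    cond1 = all(dominates(lhs, w) for w in weights)
    cond2 = dominates(lhs, interp(context, theta, weights))
    return cond1, cond2

def S(t):
    return ("S", t)

# Assignments taken from Example 4 and from Appendix B.
THETA = {"0": lambda: const(0), "S": lambda x: add(x, const(1)),
         "minus": lambda x, y: x,
         "half": lambda x: scale(Fraction(1, 2), x),
         "double": lambda x: scale(2, x)}
OMEGA = {"minus": vmax, "q": add, "f": lambda x: x}

def example4_q():       # S[q(minus(z, u), S(u))] activated by q(S(z), S(u))
    return check_fraternity("q", [S("z"), S("u")], S(("hole", 0)),
                            [("q", [("minus", "z", "u"), S("u")])], THETA, OMEGA)

def example4_minus():   # minus(u, v) activated by minus(S(u), S(v))
    return check_fraternity("minus", [S("u"), S("v")], ("hole", 0),
                            [("minus", ["u", "v"])], THETA, OMEGA)

def appendix_b_f():     # half[f(double(x))] activated by f(x)
    return check_fraternity("f", ["x"], ("half", ("hole", 0)),
                            [("f", [("double", "x")])], THETA, OMEGA)
```

For the program of this appendix both sides of each condition are single affine terms, so the failed Condition 1 ($X \geq 2X$) is a genuine violation rather than an artefact of the sufficient test.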



C Proof of Theorem 1



We start by showing the following lemma: 
Lemma 3. If a locally friendly program has a call-tree containing a branch of the shape $\langle f, u_1, \cdots, u_n \rangle \leadsto^* \langle g, v_1, \cdots, v_k \rangle$ with $f \approx_{Fct} g$ then:

Proof. We show it by induction on the number $n$ of states in the branch:

— If $n = 1$, $\langle f, u_1, \cdots, u_n \rangle \leadsto \langle g, v_1, \cdots, v_k \rangle$ then there is a definition with a fraternity of the shape $f(x_1, \cdots, x_n) = \text{Case } x_1, \cdots, x_n \text{ of } p_1, \cdots, p_n \to C[g(e_1, \cdots, e_k)]$ with $f \approx_{Fct} g$ and a substitution $\sigma$ such that $p_i\sigma = u_i$ and $[\![e_j\sigma]\!] = v_j$. Applying Condition 1 of the quasi-friendly criterion, we obtain:

$$\omega_f(\theta^*(u_1), \cdots, \theta^*(u_n)) \geq \omega_g(\theta^*(e_1\sigma), \cdots, \theta^*(e_k\sigma)) \geq \omega_g(\theta^*(v_1), \cdots, \theta^*(v_k))$$

by monotonicity of weights and by definition of sup-interpretations.

— Now suppose by induction hypothesis that if $\langle f, u_1, \cdots, u_n \rangle \leadsto^k \langle g, v_1, \cdots, v_k \rangle$ with $f \approx_{Fct} g$ and $k \leq n$, we have

And consider the following branch of length $n + 1$:

$$\langle f, u_1, \cdots, u_n \rangle \leadsto^* \langle g, v_1, \cdots, v_k \rangle \leadsto \langle h, v'_1, \cdots, v'_l \rangle$$

with $h \approx_{Fct} f$. Then as in the base case, we can derive

$$\omega_g(\theta^*(v_1), \cdots, \theta^*(v_k)) \geq \omega_h(\theta^*(v'_1), \cdots, \theta^*(v'_l))$$

and combine it with the Induction Hypothesis to obtain:

$$\omega_f(\theta^*(u_1), \cdots, \theta^*(u_n)) \geq \omega_h(\theta^*(v'_1), \cdots, \theta^*(v'_l))$$

□

Theorem 1. Assume that p is a quasi-friendly program. For each function sym- 
bol f of p there is a polynomial P such that for every value vi, . . . , Vn, 

\\f{vi, ...,Vn)\\< P(max(|vi|, \Vn\)) 

Proof. Suppose that we have a program p and a function symbol $f \in Fct$ and 
$v_1, \dots, v_n \in Values$ such that $[\![f]\!](v_1, \dots, v_n)$ is defined (i.e. the function 
computation terminates on inputs $v_1, \dots, v_n$). We are going to show the previous 
result by an induction on the precedence $>_{Fct}$. 

— If f is defined without function symbols (i.e. f is strictly smaller than any 
other function symbol for $>_{Fct}$), then a definition of the shape $f(x_1, \dots, x_n) = e$ 
with $e \in T(Cns \cup X)$ is applied. We define $P_f(X) = |e|$ with the size of 
a variable $y$ being defined by $|y| = X$. Taking a substitution $\sigma$ such that 
$p_i\sigma = v_i$, we can check easily that 

$$P_f(\max_{i=1..n} |v_i|) = |e[X := \max_{i=1..n} |v_i|]| > |e\sigma| = \|f(v_1, \dots, v_n)\|$$ 

where $|e[X := |v|]|$ denotes the substitution of the variable $X$ by the value 
$|v|$ in the function $|e|$. 

— Now, if the function symbol f is defined without fraternities, then we have 
definitions of this shape $f(x_1, \dots, x_n) = \text{Case } x_1, \dots, x_n \text{ of } p_1, \dots, p_n \to e$ 
with, for all function symbols $g \in e$, $f >_{Fct} g$. We suppose by induction 
hypothesis that we have already defined a polynomial upper bound on the 
function symbols g. Moreover, for every constructor symbol $c \in e$ of arity n, 
we define $P_c(X) = nX + 1$, which represents a polynomial upper bound on 
its computation (i.e. the constructor symbol keeps its arguments and adds 
1 to the global size). Finally, if $e = h(e_1, \dots, e_m)$, we define inductively a 
polynomial upper bound on the size of the computation of e by 
$P_e(X) = P_h(\max_{i=1..m} P_{e_i}(X))$. By definition of such a polynomial, we know that 
$P_e(\max_{i=1..n} |v_i|) > \|f(v_1, \dots, v_n)\|$. 

— Now, suppose that the function symbol is defined with some definitions 
leading to fraternities and some definitions similar to the one of the previous 
case (i.e. definitions which are not recursive). First, we build a polynomial 
$P_f^{>}$, as in the previous case, for these latter definitions. Notice also that 
since we know, by hypothesis, that the computation is terminating, every 
recursive call will be ended by such definitions. However, it can be ended 
by such a definition for some other equivalent function symbol. Thus for 
each $g \approx_{Fct} f$, we also define $P_g^{>}$ and finally, we define a new polynomial 
$Q_f(X) = \max_{g \approx_{Fct} f}(P_g^{>}(X))$. Intuitively, this polynomial is an upper bound 
on the size of every value computed by a definition which will leave a 
dependency pair cycle in Arts and Giesl's work. Now, combining condition 2 
of Definition 1101 and Lemma 3 we know that if for some values $v_1, \dots, v_n$, 
$f(v_1, \dots, v_n) \overset{*}{\to} C[g_1(\overline{u_1}), \dots, g_r(\overline{u_r})]$ with $g_1 \approx_{Fct} \dots \approx_{Fct} g_r \approx_{Fct} f$ and 
$\overset{*}{\to}$ the rewrite relation induced by the definitions of the program, then: 

$$\omega_f(\theta^*(v_1), \dots, \theta^*(v_n)) > \theta^*_{\overline{v}}(C)[\omega_{g_1}(\theta^*_{\overline{v}}(\overline{u_1})), \dots, \omega_{g_r}(\theta^*_{\overline{v}}(\overline{u_r}))] \qquad (1)$$ 

where the notation $\theta^*_{\overline{v}}(e)$ means that the sup-interpretation of e may depend 
on $\overline{v} = v_1, \dots, v_n$. 

This result holds particularly in the case where the $g_i(\overline{u_i})$ correspond to 
function calls that will leave the recursive call (i.e. function symbols that call 
function symbols strictly smaller for the precedence). Since we are considering 
defined values (i.e. evaluations that terminate), such calls exist. By condition 2 
of Definitional we know that $\theta^*(\overline{u_i}) > |\overline{u_i}|$. By subterm property of 
weights, we obtain $\omega_{g_i}(\theta^*(\overline{u_i})) > \max |\overline{u_i}|$ and since $Q_f$ is monotone (by 
construction) $Q_f(\omega_{g_i}(\theta^*(\overline{u_i}))) > Q_f(\max |\overline{u_i}|)$. Now, since sup-interpretations 
represent an upper bound on the values computed by the functions, if we 
have $C[g_1(\overline{u_1}), \dots, g_r(\overline{u_r})] \overset{*}{\to} [\![f]\!](v_1, \dots, v_n)$ then by monotonicity of 
sup-interpretations, weights and $Q_f$: 

$$\theta^*_{\overline{v}}(C)[Q_f(\omega_{g_1}(\theta^*_{\overline{v}}(\overline{u_1}))), \dots, Q_f(\omega_{g_r}(\theta^*_{\overline{v}}(\overline{u_r})))] > \theta^*_{\overline{v}}(C)[Q_f(\max |\overline{u_1}|), \dots, Q_f(\max |\overline{u_r}|)] > \|f(v_1, \dots, v_n)\|$$ 

It remains to show that the left-hand side of this inequality is bounded 
polynomially in the size of the inputs. Inequality (1) implies that 
$\theta^*_{\overline{v}}(C)[\diamond_1, \dots, \diamond_r]$ is polynomial in $\diamond_j$ whenever $\omega_{g_j}(\theta^*_{\overline{v}}(\overline{u_j}))$ depends on $\overline{v}$ 
(else we obtain a contradiction since $\omega_f(\theta^*(v_1), \dots, \theta^*(v_n))$ is polynomial in 
the $\theta^*(v_1), \dots, \theta^*(v_n)$). Moreover, if $\omega_{g_j}(\theta^*_{\overline{v}}(\overline{u_j}))$ does not depend on $\overline{v}$ then it 
is constant. By Lemma 3 and by monotonicity of $Q_f$, $Q_f(\omega_{g_j}(\theta^*_{\overline{v}}(\overline{u_j})))$ is bounded 
by $Q_f(\omega_f(\theta^*(\overline{v})))$. Finally, the ring of polynomials being closed by composition, 
we know that $\|f(v_1, \dots, v_n)\|$ is polynomially bounded in the $\theta^*(v_1), \dots, \theta^*(v_n)$. 
Since the considered sup-interpretations are additive, we have by lemma^ that 
$\theta^*(v) < \alpha|v|$ for some constant $\alpha$. Consequently, $\|f(v_1, \dots, v_n)\|$ is also bounded by 
a polynomial in $|v_1|, \dots, |v_n|$ which is independent from the inputs. 

□ 



D Example 

The following example illustrates that the quasi-friendly criterion captures, in 
practice, more algorithms than the friendly criterion of [16]. In fact, contrary to 
this latter criterion, the quasi-friendly criterion captures algorithms over trees 
(where the tree algebra is generated by the binary constructor symbol c for nodes 
and the unary constructor symbol tip for leaves). 

f(s,t) = Case s,t of c(x,y), c(x',y') → c(f(x,y), f(x',y')) 
                     c(x,y), tip(u)   → tip(u) 
                     tip(u), c(x,y)   → tip(u) 
                     tip(u), tip(v)   → q(u,v) 

If the leaves of s and t are the words $u_1, \dots, u_n$ and $v_1, \dots, v_n$, then f 
computes the tree whose leaves form the word $q(u_1, v_1), \dots, q(u_n, v_n)$ with q the 
division function described in example^. Taking $\omega_f(X, Y) = X + Y$, $\theta(tip)(X) = X + 1$, 
$\theta(q)(X, Y) = X$ and $\theta(c)(X, Y) = X + Y + 1$ we can show easily that it 
is quasi-friendly. 

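$$\begin{aligned}
\omega_f(\theta^*(c(x, y)), \theta^*(c(x', y'))) &= X + Y + X' + Y' + 2 \\
&> \max(X + Y, X' + Y') \\
&= \max(\omega_f(\theta^*(x), \theta^*(y)), \omega_f(\theta^*(x'), \theta^*(y'))) && \text{(Cnd 1)} \\
\omega_f(\theta^*(c(x, y)), \theta^*(c(x', y'))) &= X + Y + X' + Y' + 2 \\
&> X + Y + X' + Y' + 1 \\
&= \theta(c)(\omega_f(\theta^*(x), \theta^*(y)), \omega_f(\theta^*(x'), \theta^*(y'))) && \text{(Cnd 2)}
\end{aligned}$$ 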



E Interpreter with cache 
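$$\dfrac{\sigma(x) = w}{\mathcal{E}, \sigma \vdash \langle C, x\rangle \to \langle C, w\rangle}\ \text{(Variable)}$$ 

$$\dfrac{c \in Cns \qquad \mathcal{E}, \sigma \vdash \langle C_{i-1}, t_i\rangle \to \langle C_i, w_i\rangle}{\mathcal{E}, \sigma \vdash \langle C_0, c(t_1, \dots, t_n)\rangle \to \langle C_n, c(w_1, \dots, w_n)\rangle}\ \text{(Cons)}$$ 

$$\dfrac{f \in Fct \qquad \mathcal{E}, \sigma \vdash \langle C_{i-1}, t_i\rangle \to \langle C_i, w_i\rangle \qquad (f(w_1, \dots, w_n), w) \in C_n}{\mathcal{E}, \sigma \vdash \langle C_0, f(t_1, \dots, t_n)\rangle \to \langle C_n, w\rangle}\ \text{(Cache reading)}$$ 

$$\dfrac{\mathcal{E}, \sigma \vdash \langle C_{i-1}, t_i\rangle \to \langle C_i, w_i\rangle \qquad f(p_1, \dots, p_n) \to r \in \mathcal{E} \qquad p_i\sigma' = w_i \qquad \mathcal{E}, \sigma' \vdash \langle C_n, r\rangle \to \langle C, w\rangle}{\mathcal{E}, \sigma \vdash \langle C_0, f(t_1, \dots, t_n)\rangle \to \langle C \cup (f(w_1, \dots, w_n), w), w\rangle}\ \text{(Push)}$$ 

Fig. 2. Evaluation of a rewriting system with memoization of intermediate evaluations 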
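
The memoizing evaluation of Fig. 2, as an added Python example (not code from the paper): each branch of `evaluate` is labelled with the rule it follows, and the cache C is threaded left to right through the arguments. The `add`/`fib` program, the tuple encoding of terms and all function names are assumptions constructed for the demonstration.

```python
CNS = {"0", "S"}                                  # constructor symbols
RULES = [                                         # constructed program: f(p1..pn) -> r
    (("add", ("0",), "y"), "y"),
    (("add", ("S", "x"), "y"), ("S", ("add", "x", "y"))),
    (("fib", ("0",)), ("S", ("0",))),
    (("fib", ("S", ("0",))), ("S", ("0",))),
    (("fib", ("S", ("S", "x"))), ("add", ("fib", ("S", "x")), ("fib", "x"))),
]

def match(pat, val, sub):
    """Extend sub so that pat under sub equals val; None if impossible."""
    if isinstance(pat, str):                      # pattern variable
        return {**sub, pat: val} if sub.get(pat, val) == val else None
    if pat[0] != val[0] or len(pat) != len(val):
        return None
    for p, v in zip(pat[1:], val[1:]):
        sub = match(p, v, sub) if sub is not None else None
    return sub

def evaluate(term, sigma, cache, stats):
    """Evaluate term under sigma; cache maps a call f(w1..wn) to its value."""
    if isinstance(term, str):                     # (Variable)
        return sigma[term]
    sym = term[0]
    ws = tuple([evaluate(t, sigma, cache, stats) for t in term[1:]])
    if sym in CNS:                                # (Cons)
        return (sym, *ws)
    call = (sym, *ws)
    if call in cache:                             # (Cache reading)
        stats["hits"] += 1
        return cache[call]
    for lhs, rhs in RULES:                        # (Push)
        sub = match(lhs, call, {})
        if sub is not None:
            cache[call] = evaluate(rhs, sub, cache, stats)
            return cache[call]
    raise ValueError(f"no definition applies to {call}")

def run_fib(n):
    """Evaluate fib on the unary numeral S^n(0); return (int, cache, stats)."""
    numeral = ("0",)
    for _ in range(n):
        numeral = ("S", numeral)
    cache, stats = {}, {"hits": 0}
    value = evaluate(("fib", "n"), {"n": numeral}, cache, stats)
    size = 0
    while value != ("0",):
        value, size = value[1], size + 1
    return size, cache, stats
```

With the cache, each distinct call is pushed once, so the number of cache entries counts the distinct calls of the evaluation rather than the nodes of the full call tree.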



